Intro

If you want to go hack a microprocessor-based device, the first thing
you usually do after cracking the case and identifying all the chips, is
look for a serial port. Regardless of the type of device (Linux-based, running
WinCE, working on some kind of RTOS, maybe even with no OS at all), the
majority of them have a serial port for debugging purposes. Most of these
ports have useful info on them even with non-debug firmware, so it's a nice
and easy way to learn more on the device.

Finding the serial port can be a bit of a hassle though. After finding the
correct pins, you still need to know the baudrate the port works on. This
usually means trying out every single rate on the receiving PC until you're
lucky. Having a digital oscilloscope can simplify things a little, but
even if you have one, it's still no fun to fire it up and try and deduce the
baudrate from a trace you manage to capture.

As you may have deduced from the rest of my site, I've hacked my fair share
of devices in the past. The procedure for most them included the routine
described above to get the correct serial port parameters. After doing this
for the umphteenth time, I decided I wanted to automate the process: if I myself
could figure out the baudrate using only my PC or a 'scope, there's no reason
a microcontroller couldn't be taught the same trick.